Hacker

In computing, a hacker is any highly skilled computer expert capable of breaking into computer systems and networks using bugs and exploits. Depending on the field of computing it has slightly different meanings, and in some contexts has controversial moral and ethical connotations. In its original sense, the term refers to a person in any one of the communities and hacker subcultures:[1]

Hacker (computer security). People involved with circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via communication networks such as the Internet (Black hats), but also includes those who debug or fix security problems (White hats), and the morally ambiguous Grey hats.

Grey hats are hackers who are neither good nor bad, and often include people who hack 'for fun' or to 'troll'. They may both fix and exploit, though grey hats are usually associated with black hat hackers.

Black hats are hackers with malicious intentions, and steal, exploit, and sell data. They are usually motivated by personal gain.

White hats are hackers employed with the efforts of keeping data safe from other hackers by looking for loopholes and hackable areas. This type of hacker typically gets paid quite well, and receives no jail time due to the consent of the company that hired them.

Today, mainstream usage of "hacker" mostly refers to computer criminals, due to the mass media usage of the word since the 1980s. This includes what hacker slang calls "script kiddies," people breaking into computers using programs written by others, with very little knowledge about the way they work. This usage has become so predominant that the general public is unaware that different meanings exist.[5] While the self-designation of hobbyists as hackers is acknowledged by all three kinds of hackers, and the computer security hackers accept all uses of the word, people from the programmer subculture consider the computer intrusion related usage incorrect, and emphasize the difference between the two by calling security breakers "crackers" (analogous to a safecracker).

Currently, "hacker" is used in two main conflicting ways:

as someone who is able to subvert computer security; if doing so for malicious purposes, the person can also be called a cracker.[6]

an adherent of the technology and programming subculture.

The controversy is usually based on the assumption that the term originally meant someone messing about with something in a positive sense, that is, using playful cleverness to achieve a goal. But then, it is supposed, the meaning of the term shifted over the decades since it first came into use in a computer context and came to refer to computer criminals.[7]

As usage has spread more widely, the primary misunderstanding of newer users conflicts with the original primary emphasis. In popular usage and in the media, computer intruders or criminals is the exclusive meaning today, with associated pejorative connotations. (For example, "An Internet 'hacker' broke through state government security systems in March.") In the computing community, the primary meaning is a complimentary description for a particularly brilliant programmer or technical expert. (For example, "Linus Torvalds, the creator of Linux, is considered by some to be a hacker.") A large segment of the technical community insist the latter is the "correct" usage of the word (see the Jargon File definition below).

The mainstream media's current usage of the term may be traced back to the early 1980s. When the term was introduced to wider society by the mainstream media in 1983, even those in the computer community referred to computer intrusion as "hacking", although not as the exclusive use of that word. In reaction to the increasing media use of the term exclusively with the criminal connotation, the computer community began to differentiate their terminology. Alternative terms such as "cracker" were coined in an effort to distinguish between those adhering to the historical use of the term "hack" within the programmer community and those performing computer break-ins. Further terms such as "black hat", "white hat" and "gray hat" developed when laws against breaking into computers came into effect, to distinguish criminal activities and those activities which were legal.

However, since network news use of the term pertained primarily to the criminal activities despite this attempt by the technical community to preserve and distinguish the original meaning, the mainstream media and general public continue to describe computer criminals with all levels of technical sophistication as "hackers" and do not generally make use of the word in any of its non-criminal connotations. Members of the media sometimes seem unaware of the distinction, grouping legitimate "hackers" such as Linus Torvalds and Steve Wozniak along with criminal "crackers".[8]

As a result of this difference, the definition is the subject of heated controversy. The wider dominance of the pejorative connotation is resented by many who object to the term being taken from their cultural jargon and used negatively,[9] including those who have historically preferred to self-identify as hackers. Many advocate using the more recent and nuanced alternate terms when describing criminals and others who negatively take advantage of security flaws in software and hardware. Others prefer to follow common popular usage, arguing that the positive form is confusing and unlikely to become widespread in the general public. A minority still use the term in both original senses despite the controversy, leaving context to clarify (or leave ambiguous) which meaning is intended.

However, the positive definition of hacker was widely used as the predominant form for many years before the negative definition was popularized. "Hacker" can therefore be seen as a shibboleth, identifying those who use the technically oriented sense (as opposed to the exclusively intrusion-oriented sense) as members of the computing community. Due to the variety of industry a software designer may find themselves in many prefer not to be referred to as 'Hacker' as the word Hack holds a negative denotation in many of those industries.

A possible middle ground position has been suggested, based on the observation that "hacking" describes a collection of skills and tools which are used by hackers of both descriptions for differing reasons. The analogy is made to locksmithing, specifically picking locks, which—aside from its being a skill with a fairly high tropism to 'classic' hacking—is a skill which can be used for good or evil. The primary weakness of this analogy is the inclusion of script kiddies in the popular usage of "hacker", despite the lack of an underlying skill and knowledge base. Sometimes, hacker also is simply used synonymous to geek: "A true hacker is not a group person. He's a person who loves to stay up all night, he and the machine in a love-hate relationship... They're kids who tended to be brilliant but not very interested in conventional goals[...] It's a term of derision and also the ultimate compliment."[10]

Fred Shapiro thinks that "the common theory that 'hacker' originally was a benign term and the malicious connotations of the word were a later perversion is untrue." He found out that the malicious connotations were present at MIT in 1963 already (quoting The Tech, an MIT student newspaper) and then referred to unauthorized users of the telephone network,[11][12] that is, the phreaker movement that developed into the computer security hacker subculture of today.

The main basic difference between programmer subculture and computer security hackers is their mostly separate historical origin and development. However, the Jargon File reports that considerable overlap existed for the early phreaking at the beginning of the 1970s. An article from MIT's student paper The Tech used the term hacker in this context already in 1963 in its pejorative meaning for someone messing with the phone system.[11] The overlap quickly started to break when people joined in the activity who did it in a less responsible way.[13] This was the case after the publication of an article exposing the activities of Draper and Engressia.

According to Raymond, hackers from the programmer subculture usually work openly and use their real name, while computer security hackers prefer secretive groups and identity-concealing aliases.[14] Also, their activities in practice are largely distinct. The former focus on creating new and improving existing infrastructure (especially the software environment they work with), while the latter primarily and strongly emphasize the general act of circumvention of security measures, with the effective use of the knowledge (which can be to report and help fixing the security bugs, or exploitation reasons) being only rather secondary. The most visible difference in these views was in the design of the MIT hackers' Incompatible Timesharing System, which deliberately did not have any security measures.

There are some subtle overlaps, however, since basic knowledge about computer security is also common within the programmer subculture of hackers. For example, Ken Thompson noted during his 1983 Turing Award lecture that it is possible to add code to the UNIX "login" command that would accept either the intended encrypted password or a particular known password, allowing a back door into the system with the latter password. He named his invention the "Trojan horse". Furthermore, Thompson argued, the C compiler itself could be modified to automatically generate the rogue code, to make detecting the modification even harder. Because the compiler is itself a program generated from a compiler, the Trojan horse could also be automatically installed in a new compiler program, without any detectable modification to the source of the new compiler. However, Thompson disassociated himself strictly from the computer security hackers: "I would like to criticize the press in its handling of the 'hackers,' the 414 gang, the Dalton gang, etc. The acts performed by these kids are vandalism at best and probably trespass and theft at worst. ... I have watched kids testifying before Congress. It is clear that they are completely unaware of the seriousness of their acts."[15]

The programmer subculture of hackers sees secondary circumvention of security mechanisms as legitimate if it is done to get practical barriers out of the way for doing actual work. In special forms, that can even be an expression of playful cleverness.[16] However, the systematic and primary engagement in such activities is not one of the actual interests of the programmer subculture of hackers and it does not have significance in its actual activities, either.[14] A further difference is that, historically, members of the programmer subculture of hackers were working at academic institutions and used the computing environment there. In contrast, the prototypical computer security hacker had access exclusively to a home computer and a modem. However, since the mid-1990s, with home computers that could run Unix-like operating systems and with inexpensive internet home access being available for the first time, many people from outside of the academic world started to take part in the programmer subculture of hacking.

Since the mid-1980s, there are some overlaps in ideas and members with the computer security hacking community. The most prominent case is Robert T. Morris, who was a user of MIT-AI, yet wrote the Morris worm. The Jargon File hence calls him "a true hacker who blundered".[17] Nevertheless, members of the programmer subculture have a tendency to look down on and disassociate from these overlaps. They commonly refer disparagingly to people in the computer security subculture as crackers, and refuse to accept any definition of hacker that encompasses such activities. The computer security hacking subculture on the other hand tends not to distinguish between the two subcultures as harshly, instead acknowledging that they have much in common including many members, political and social goals, and a love of learning about technology. They restrict the use of the term cracker to their categories of script kiddies and black hat hackers instead.

All three subcultures have relations to hardware modifications. In the early days of network hacking, phreaks were building blue boxes and various variants. The programmer subculture of hackers has stories about several hardware hacks in its folklore, such as a mysterious 'magic' switch attached to a PDP-10 computer in MIT's AI lab, that, when turned off, crashed the computer.[18] The early hobbyist hackers built their home computers themselves, from construction kits. However, all these activities have died out during the 1980s, when the phone network switched to digitally controlled switchboards, causing network hacking to shift to dialing remote computers with modems, when pre-assembled inexpensive home computers were available, and when academic institutions started to give individual mass-produced workstation computers to scientists instead of using a central timesharing system. The only kind of widespread hardware modification nowadays is case modding.

An encounter of the programmer and the computer security hacker subculture occurred at the end of the 1980s, when a group of computer security hackers, sympathizing with the Chaos Computer Club (who disclaimed any knowledge in these activities), broke into computers of American military organizations and academic institutions. They sold data from these machines to the Soviet secret service, one of them in order to fund his drug addiction. The case was solved when Clifford Stoll, a scientist working as a system administrator, found ways to log the attacks and to trace them back (with the help of many others). 23, a German film adaption with fictional elements, shows the events from the attackers' perspective. Stoll described the case in his book The Cuckoo's Egg and in the TV documentary The KGB, the Computer, and Me from the other perspective. According to Eric S. Raymond, it "nicely illustrates the difference between 'hacker' and 'cracker'. Stoll's portrait of himself, his lady Martha, and his friends at Berkeley and on the Internet paints a marvelously vivid picture of how hackers and the people around them like to live and how they think."[19]

A cracker (also known as a black hat hacker)[20] is someone who knows the web similar to hackers and doesn't use the internet for gaining any extensive knowledge and are professionals in what they do but they are not the white collar heroes as security hackers are. Crackers use their skills to earn themselves profits or to benefit from criminal gain. Crackers find exploits to systems securities and vulnerabilities but often use them to their advantage by either selling the fix to the company themselves or keeping the exploit and selling it to other black hat hackers to steal information or gain royalties.